Hackers Stole Data From 57 Million Uber Drivers and Customers, Uber Paid $100K to Hide Attack

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 21, 2017.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Uber suffered a massive data breach last year that exposed the personal data of 57 million customers and drivers, reports Bloomberg. The attack occurred in October of 2016 and included personal information from 50 million Uber riders and 7 million Uber drivers.

    Two hackers reportedly accessed a private GitHub repository used by Uber's software engineers and then used those credentials to breach an Amazon Web Services account that contained an archive of rider and driver information.

    Email addresses and phone numbers were stolen from riders, while hackers were able to obtain email addresses, phone numbers, and driver's license numbers from drivers. Uber says social security numbers and trip location data were not accessed in the attack.

    Rather than disclosing the attack when Uber learned of it in November of 2016, the company instead paid hackers $100,000 to delete the data and keep quiet about the breach. Uber did not disclose the identity of the hackers, but did say it believes the information was not used or otherwise sold.

    Uber's new CEO, Dara Khosrowshahi, says the attack and the coverup should not have happened, and that Uber is "changing the way we do business." Khosrowshahi says he is aiming to change the way Uber operates, and as part of that effort, Uber informed the FTC and attorney general about the attack this morning.
    Uber's efforts to conceal the hack were led by chief security officer Joe Sullivan, who has been ousted from the company. Uber also let go of Craig Clark, a senior lawyer who worked with Sullivan.

    In light of the attack, Uber has hired Matt Olsen, who previously served as general counsel at the National Security Agency. Uber says Olsen will help the company restructure its security teams.

    Article Link: Hackers Stole Data From 57 Million Uber Drivers and Customers, Uber Paid $100K to Hide Attack
  2. Mansu944 macrumors 6502

    Mar 11, 2012
  3. Solomani macrumors 68040


    Sep 25, 2012
    Alberto, Canado
  4. Lerxt macrumors regular

    Nov 30, 2012
    Another nail in the coffin for Uber for me. As soon as a decent competitor arrives where I live, I’m bailing out.
  5. Robert.Walter macrumors 65816

    Jul 10, 2012
    Did they disclose because it was leaking out?
  6. dannyyankou macrumors 604


    Mar 2, 2012
    Scarsdale, NY
    The will be the last straw for many people who have Lyft as an alternative. PR nightmare.
  7. just.jon macrumors member


    Jan 26, 2017
    Uber needs to go, now. The Justice Department needs to be looking hard at them for a handful of reasons.
  8. garirry macrumors 68000


    Apr 27, 2013
    Canada is my city
    Jesus christ first the net neutrality thing and now this... what a day.
  9. The Game 161 macrumors P6

    The Game 161

    Dec 15, 2010
    what customer data though? numbers? as surely people just pay via cash?
  10. nabeel24 macrumors regular

    Oct 24, 2013
  11. now i see it macrumors 68030

    Jan 2, 2002
    All the hackers got were names and email addresses (of riders). Big deal.
  12. Watabou macrumors 68040


    Feb 10, 2008
    United States
    The blame doesn’t just lie with those two. How did the rest of Uber’s upper management not notice why they paid $100K?
  13. Packers1958 macrumors 65816

    Apr 16, 2017
    South Dakota
    Yea, I really believe the hackers deleted the info after getting paid, because you can always take the word of a criminal.
    --- Post Merged, Nov 21, 2017 ---
    $100,000 not 100 million.
  14. dannyyankou macrumors 604


    Mar 2, 2012
    Scarsdale, NY
    Sure, but you're not going to defend Uber paying the hackers $100k to hide it are you? It's as shady as it gets. If they were upfront and honest about the hack I might have forgiven them.
  15. Contra1971 macrumors member


    Dec 7, 2016
    San Antonio
    I see a law suit against Uber for this in the near future
  16. DevNull0 macrumors 68000

    Jan 6, 2015
    All these companies see security as a cost that has no return. So it's where they think they can cut corners.
  17. Doctor Q Administrator

    Doctor Q

    Staff Member

    Sep 19, 2002
    Los Angeles
    Can you trust hackers not to use (i.e, sell) the data they stole, even if you pay them? If they take your data, take your money, AND use the data, should you take them to court or offer them more money?

    Note to self: Perhaps it's not a great idea to store your internal passwords in your GitHub account.
  18. scottcampbell macrumors regular

    Aug 7, 2017
    What's your name and email address?
  19. blacktape242 macrumors 65816


    Dec 17, 2010
    Sacramento, CA
    oh god....its like the govt. paying all those people off who were sexually abused.....disgusting all the way around!
  20. kdarling macrumors P6


    Jun 9, 2007
    First university coding class = 47 years ago
    If Uber hadn't paid, then the hackers would've sold the info to people up to no good.

    Which would you prefer? Lots of publicity with your info sold, or no publicity and your info safe?
  21. kildraik macrumors 6502a


    May 7, 2006
    Colorado Rockies
    Uber is as shady as most of their drivers. Astonishing, yet unsurprising given their history.
  22. patent10021 macrumors 68030


    Apr 23, 2004
    Unfortunately I think Uber will soon be operating in Vancouver, Canada. I'd much rather see Didi, Grab or Lyft in Vancouver than Uber. Didi drivers and company are awesome.
  23. Rudy69 macrumors 6502a


    Mar 30, 2009
    How do you know it won't be sold in the future? (If it hasn't already)

Share This Page